SSH with kerberos auth doesn't provide a ticket

[Matt Mullins]

On Tue, Jan 24, 2017 at 11:25 PM, C. L. Martinez <carlopmart at gmail.com> wrote:
> Hi all,
>
>  I have a strange problem with ssh when kerberos auth is used. We have three kerberos servers based on MIT kerberos. I have configured a FreeBSD 11-RELEASE virtual guest to authenticate against these kerberos servers. Auth works ok, but ssh doesn't request a kerberos ticket (I am connecting from a Windows 10 workstation with putty):

When you say "auth works ok", I assume that means that PuTTY does not
prompt for a password?  If it does prompt for a password, you are
definitely not using GSSAPI at the ssh-connection layer (even if that
password is being checked against a KDC on the ssh server).

>  I have enabled th following options in sshd_config:
>
> # Kerberos options
> KerberosAuthentication yes

You probably don't need that, if you've got mod_krb5.so in your PAM
config.  This only applies when PasswordAuthentication is negotiated
for an SSH session, anyway.

>  It is strange because this "problem" only appears with FreeBSD, all others linux doesn't have this problem.
>
>  What am I doing wrong?

When you configure your PuTTY connection for your FreeBSD machine,
make sure you check the "Allow GSSAPI credential delegation" in
Connection -> SSH -> Auth -> GSSAPI.  Seems to work for me.